Business and research are commonly conducted over the Internet using applications that a non-profit or for-profit enterprise makes available via the World Wide Web. Web-based applications enable enterprises to offer a wide range of products and services. For example, corporations may have web-based applications that support business processes, such as online retail, customer service, supply chain procurement, and delivery of operational and transactional data.
Communication over the Internet is effected via wired and wireless devices. Examples of wired and wireless devices are personal computers and handheld devices having networking capabilities such as personal digital assistants (PDAs). Devices utilize web browsers to interface to the World Wide Web. Frequently used web browsers are NETSCAPE NAVIGATOR, which is available from NETSCAPE COMMUNICATIONS CORPORATION of Mountain View, Calif., and INTERNET EXPLORER, available from MICROSOFT CORPORATION of Redmond, Wash.
New devices are continuously becoming available to access the Internet. Such devices include pocket PCs, smart phones, and devices that interface to a television set, in addition to personal digital assistants (PDAs). The various devices support a number of different communication protocols to transmit and receive data. The Wireless Application Protocol (WAP) is a specification that allows users to access information via handheld wireless devices such as mobile phones, pagers, two-way radios, and smart phones. The Handheld Device Markup Language (HDML) is an extension of the Wireless Markup Language (WML) and is used to format content for Web-enabled mobile phones. HDML is a proprietary language for products from phone.com (a division of Openwave Systems Inc. of Redwood, Calif.). HDML can only be used on mobile phones that use phone.com browsers. Wireless products from other manufacturers, such as NTT DoCoMo of Tokyo, Japan, also use proprietary protocols.
World Wide Web servers transmit data using the HyperText Transfer Protocol (HTTP). Therefore, data from devices that do not support HTTP must have a means to convert data to HTTP. One such means is to transmit data through a gateway system. Generally, devices that communicate using protocols other than HTTP communicate over proprietary networks to the gateway system. The gateway system then communicates over the Internet using HTTP on behalf of the devices. The wireless Internet is facilitated through gateway systems.
A gateway system may be a combination of hardware and software that links different types of computer networks to one another. A gateway system intercepts requests and may convert a non-HTTP protocol to HTTP, or in some cases to the secure HTTP protocol (HTTPS), when a transmission is received from a device. The gateway system also converts an HTTP or an HTTPS message to an appropriate non-HTTP protocol when the transmission is sent in the other direction, that is, from a World Wide Web server to a device that does not support HTTP.
A wireless carrier may maintain a gateway, and possibly, configure the gateway in such a way that the gateway is unavailable to other software vendors for integration purposes, such as not allowing the gateway to integrate software plug-ins (i.e., software modules that add specific functionality to software applications). Even when a gateway may be available for integration purposes, integration may be difficult because integration standards do not exist in the industry.
Proxy servers are configured in some enterprise networks. Proxy servers may provide access controls, for example, security mechanisms and authorization controls. Proxy servers may also provide for Secure Sockets Layer (SSL) acceleration, load balancing, caching, and other features. In general terms, a proxy server functions as a filter between the Internet and an enterprise network. A proxy server receives a request for an Internet client (e.g., a web page request) from a user. If the request passes filtering requirements, the proxy server, acting as a client on behalf of the user, uses an Internet protocol (IP) address that identifies the proxy server (rather than the client making the request) to request the page from a back-end server configured in the enterprise network. When the page is returned, the proxy server forwards the page to the user using an IP address that identifies the proxy server (rather than the back-end server). Using the proxy server's IP address increases security because the IP address of the client is hidden from the back-end server and the IP address of the back-end server is hidden from the client.
A proxy server may be guided by proxy rules that determine where incoming requests should be forwarded. Existing proxy servers use the uniform resource locator (URL) of the original request as the context for the proxy rules. Proxy rules may be implemented in software as regular expressions. Proxy rules do not take into consideration the device type when transmitting a request or information about the user making the request.
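The following is an added illustration, not part of the original document, of URL-only proxy rules written as regular expressions: the rule table sees only the request URL, so the device type and the user never influence the forwarding decision. The back-end names, the `www.mycompany.com` host and the sample requests are constructed assumptions.

```python
import re
from typing import NamedTuple, Optional

class Request(NamedTuple):
    url: str         # URL of the original request: the only input the rules see
    user_agent: str  # device/browser identification (never consulted below)
    user: str        # requesting user (never consulted below)

# Constructed rule table; host and back-end names are hypothetical.
# Rules are anchored and evaluated in order; the first match wins.
PROXY_RULES = [
    (re.compile(r"https?://www\.mycompany\.com/finance(/.*)?"), "finance-backend.internal:8080"),
    (re.compile(r"https?://www\.mycompany\.com/support(/.*)?"), "support-backend.internal:8080"),
    (re.compile(r"https?://www\.mycompany\.com/.*"), "web-backend.internal:8080"),
]

def route(req: Request) -> Optional[str]:
    """Return the back-end for a request, or None (reject) when no rule matches."""
    for pattern, backend in PROXY_RULES:
        # fullmatch() requires the whole URL to match, so a rule cannot be
        # satisfied by a URL that merely contains the expected host or path.
        if pattern.fullmatch(req.url):
            return backend
    return None  # default deny: unmatched requests are not forwarded

if __name__ == "__main__":
    # Constructed sample requests: same URL, different device and user.
    desktop = Request("http://www.mycompany.com/finance/report", "DesktopBrowser/1.0", "alice")
    handset = Request("http://www.mycompany.com/finance/report", "WapPhone/1.0", "bob")
    print(route(desktop), route(handset))  # identical back-end for both
```

Because the decision depends on the URL alone, a handset and a desktop browser requesting the same URL are always sent to the same back-end, which is the limitation the paragraph above describes.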
Once a user accesses an enterprise network, the enterprise may want to store information about a user. An enterprise may find such information essential for security purposes to prevent unauthorized users from accessing protected resources. To secure access, the enterprise may use the information to control which users can gain access to particular computers and resources and what specific users may do while using a web-based application.
The user information stored by the enterprise is referred to herein as a user session, or simply, a session. Session data is used to identify a user to an application or set of applications. Some products place entitlement data in a user session to specify what the user may do with the application (e.g., permit a user to trade on margin or purchase a product on credit). The data contained in the session may include a user identifier and preferences. Additionally, if the user is authenticated, a session may store authentication data. The session is valid for a specified period of time; therefore, data is also stored in the session that specifies when the session expires.
Essentially, the session holds the state of a user. The way in which a device may hold the state of a user, also referred to as client state, may vary from device to device. Each device may have a particular method for storing client state depending on the device's components and resources, and depending on the user's preferences. A common mechanism that stores client state creates a text file called a cookie. Generally, a cookie is used to track behavioral patterns, and information in the cookie may be used for authorization decisions. Although a cookie may store a user's behavioral patterns as well as authorization information, neither is stored exclusively in a cookie. Additionally, data in the cookie may help an application customize the application interface for the user. An enterprise system may generate a cookie and send that cookie to the user's browser with web content. The browser then may store the cookie on the user's device. The browser transmits the cookie to the enterprise network with a request. Various computers in the enterprise network may receive the cookie and use the contents of the cookie to gather information about the particular user. A drawback with cookies is that cookies are only delivered to specified sets of URLs within a single domain. For example, a cookie may only be valid for the URL finance/mycompany.com within the domain mycompany.com.
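The scoping drawback described above can be made concrete with the following added example, which is not part of the original document. It applies the domain-match and path-match rules of RFC 6265 (sections 5.1.3 and 5.1.4) to decide whether a browser would attach a cookie to a request; the cookie scope used in the demonstration (Domain `mycompany.com`, Path `/finance`) is an assumed reading of the example in the text, and the URLs are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: identical host, or host is a dot-separated subdomain."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    if host == cookie_domain:
        return True
    try:
        ipaddress.ip_address(host)
        return False  # IP-address hosts only match by exact equality
    except ValueError:
        pass
    return host.endswith("." + cookie_domain)

def path_match(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 5.1.4: cookie path must be a whole-segment prefix of the request path."""
    request_path = request_path or "/"
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # "/finance" covers "/finance/report" but not "/financeteam".
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def cookie_is_sent(url: str, cookie_domain: str, cookie_path: str) -> bool:
    """True if a cookie with this Domain and Path scope accompanies a request to url."""
    parts = urlsplit(url)
    return (domain_match(parts.hostname or "", cookie_domain)
            and path_match(parts.path, cookie_path))

if __name__ == "__main__":
    # Constructed URLs; the session cookie is assumed scoped to mycompany.com + /finance.
    for url in ("https://www.mycompany.com/finance/report",
                "https://www.mycompany.com/support",
                "https://partner.example/finance"):
        print(url, cookie_is_sent(url, "mycompany.com", "/finance"))
```

A session carried only in such a cookie is invisible to applications outside its Domain and Path scope, so those applications see the user as having no session state.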
Furthermore, cookies may or may not be supported by a particular device. Even if a device supports cookies, a user of the device may choose not to accept a cookie. Memory constraints may be one reason for not permitting cookies to be stored on a device. A device may not have the capability of storing the cookie, which can be as large as several hundred bytes, because the device may not contain enough memory to accommodate a large number of cookies, or large cookies.
Another reason for not permitting cookies to be stored on a device may be performance considerations. The size of a cookie may be as large as the content that a user may receive from an application. Thus, sending a cookie to a device may double the transmission time to accomplish a task (many wireless connections currently support a bandwidth of only 9600 baud).
Cost may be another consideration when determining whether to permit cookies to be stored on a device. Many wireless plans charge a per-packet rate. When a user is charged according to the amount of information that is transmitted to and from the device, a cookie may greatly increase the operational costs of the device, thereby increasing the expense incurred in using a wireless device.
Further, many users choose not to accept cookies for security and privacy reasons. The identifying information stored in a cookie and information about the user can often be shared with computers outside of the user's controlled environment. The user may wish to prevent the sharing of this information with unknown computers.
For the aforementioned reasons, cookies may not be a feasible method for holding client state for many wired and wireless devices. The proliferation of devices used to access information over the Internet demands other mechanisms for holding a client's state besides cookies. Some HTTP servers may implement other mechanisms for holding a client state; however, such HTTP servers can support only one mechanism at a time, making them inappropriate for serving certain content and serving to certain devices. Presently, HTTP-based software servers fail to provide a general solution for simultaneously holding client state for numerous users accessing a variety of applications on a network using a multitude of wired and wireless devices, especially when the applications are designed for particular security and performance requirements. Thus, an enterprise needs the capability to efficiently maintain user sessions for all users and for all devices using device-specific and application-specific requirements. A mechanism is needed that can maintain sessions in the most appropriate manner for each device and each application. By implementing such a mechanism, an enterprise can provide those who wish to access an enterprise network seamless access to the appropriate content for the device.